• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Squid Proxy NTLM Authentication Denial Of Service Vulnerability

Squid is reported to be susceptible to a denial of service vulnerability in its NTLM authentication module.

This vulnerability presents itself when attacker supplied input data is passed to the affected NTLM module without proper sanitization.

This vulnerability allows an attacker to crash the NTLM helper application. Squid will respawn new helper applications, but with a sustained, repeating attack, it is likely that proxy authentication depending on the NTLM helper application would fail. Failure of NTLM authentication would result in the Squid application denying access to legitimate users of the proxy.

Squid versions 2.x and 3.x are all reported to be vulnerable to this issue. A patch is available from the vendor.